Patch Analysis for August 2006

Update on MS06-042 problems; if you haven't loaded MS06-040, install it YESTERDAY

Update on MS06-042 and MS06-040

MS06-042, the cumulative security patch for Internet Explorer (918899), has caused some real headaches for all of us in the user community and for Microsoft. Actually, the real blame may lie with the security researcher who broke with responsible disclosure. Here's what happened. After the release of MS06-042, some researchers discovered and privately reported to Microsoft a defect in the patch that causes a crash on IE 6.0 SP1 systems with MS06-042 installed. Worse still, the crash was exploitable, meaning that installing the security update introduced a new security hole. Microsoft decided to hold off reporting this new vulnerability until they developed a fix. One of the researchers disagreed and went public about the defect and its exploit details. Microsoft is apparently having a difficult time fixing the problem, which has forced them to delay the re-release of MS06-042.

Now, let's talk about MS06-040, the update for the nasty vulnerability in the Server service. Sometimes I hate being right. On Patch Tuesday I said MS06-040 "would be a prime candidate for a worm infection vector" and, sure enough, along came Graweg Saturday night. The good news, if you are an XP and 2003 shop, is that Graweg only affected Windows 2000 systems, but there's no reason to assume another exploit won't come along that spreads faster and does more damage. So I strongly encourage you to scan your network with MBSA and patch any systems missing MS06-040, Vulnerability in Server Service Could Allow Remote Code Execution (921883), before it's too late.

"Really appreciate your patch observer. In the corporate
IT world, anything we can get our hands on that speeds the process of analyzing
threats and how they may or may not apply to our environments is a God-send.
Thanks so much for your efforts."

- Tess G.

"Many thanks for this Randy"

- Roger G.

"The chart is a REAAALLY good idea :)"

- Phil J.

"I like the table. Your insight is very valuable. "

- Tom C.

"I liked your high level overview of patches in the
table. There are so many sources of patch information which can be very specific
or surrounded by other stuff that it’s refreshing to get everything summarised
like this. The “Randy’s Recommendation” comment is a useful starting point too.
Please keep up the good work."

- David A.

"Your Patch Observer is a very good tool in
making the decision whether to patch or not to patch. And also to patch asap or
to wait a while before patching. Also I do think the use of the table is really
improving the readability of the provided information."